When running an Active Directory environment based on Windows Server, it is critical to have proper time synchronization in order to keep authentication working. A time difference larger than 5 minutes may result in authentication failures on clients and error events in the logs on the Active Directory Domain Controller.
The default time.windows.com sometimes does not respond or can't be reached by a DC. Unless you have an on-premises atomic clock, it's always good to specify a few NTP servers on your Domain Controller. Keep in mind that they should be from the same provider in order to avoid time differences when your DC switches from one to another. I usually prefer servers from pool.ntp.org. They are reliable, used by millions and work pretty well.
To configure the above servers on your DC (which is a CLIENT from pool.ntp.org's point of view and a SERVER from the domain-joined computers' point of view), run the command below. The peer list must be quoted and space-separated, and each server carries its own ,0x8 flag (client mode):
w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8" /reliable:yes /update
From now on, your Windows Server should sync to one of the above servers. If one of them becomes unavailable, it will sync to another and will not get out of sync with clients.
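To confirm the configuration took effect, the following PowerShell check (an added example, not part of the original post) samples each pool server with w32tm /stripchart and compares the measured offset with the 5-minute limit mentioned above. The function name Get-NtpOffset and the 1-second warning threshold are assumptions made for this example, and the parsing assumes the usual "HH:MM:SS, +00.0123456s" sample lines.

```powershell
# Added example: check reachability and clock offset for the configured peers.
$peers          = '0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org'
$maxSkewSeconds = 300   # 5 minutes, the limit stated in the article
$warnSeconds    = 1     # hypothetical early-warning threshold; tune as needed

function Get-NtpOffset {
    param([string]$Peer, [int]$Samples = 3)
    # /dataonly prints one "time, offset" line per sample; failed samples
    # print "error: 0x..." instead and are skipped by the regex below.
    $out = & w32tm /stripchart "/computer:$Peer" "/samples:$Samples" /dataonly 2>&1
    $offsets = @(foreach ($line in $out) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    })
    if ($offsets.Count -eq 0) { return $null }   # unreachable or no valid sample
    return ($offsets | Measure-Object -Average).Average
}

$results = foreach ($p in $peers) {
    $avg = Get-NtpOffset -Peer $p
    if ($null -eq $avg) {
        $status = 'UNREACHABLE'
    } elseif ([math]::Abs($avg) -ge $maxSkewSeconds) {
        $status = 'CRITICAL'    # authentication failures are expected at this skew
    } elseif ([math]::Abs($avg) -ge $warnSeconds) {
        $status = 'WARN'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{ Peer = $p; OffsetSec = $avg; Status = $status }
}
$results | Format-Table -AutoSize

# What the time service itself reports after the /update:
w32tm /query /source    # the source currently in use
w32tm /query /peers     # state of every entry in the manual peer list
```

If /query /peers shows a single entry whose name contains commas, the peer list was entered without the quotes and spaces and should be set again.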